Classifying new and unknown (zero-day) malware has always been a challenge in the security industry as new variants are discovered in the wild at an overwhelming rate.
Once an adversary has compromised privileged credentials, for example, by exploiting an attack path, they want to make sure they don’t lose their foothold in the domain. That is, even if the accounts they have compromised are disabled or have their passwords reset, they want to be able to easily regain Domain Admin rights. One way to achieve this persistence is to exploit features of Active Directory that are intended to keep privileged accounts protected: AdminSDHolder and SDProp.
In today's increasingly mobile-driven world, securing our digital assets and protecting sensitive information is of paramount importance. To address this need, the National Institute of Standards and Technology (NIST) recently released the latest version of their publication, NIST 800-124 Rev. 2: Guidelines for Managing the Security of Mobile Devices in the Enterprise.
The Utah Medicaid office offers healthcare to qualifying patients throughout the state. These patients rely on the organization to provide them with their medical insurance and to offer other services to them. While providing those services, the organization maintains health and wellness information as well as personal data. That's why it's concerning that the Utah Medicaid office recently experienced a self-caused data breach.
Data breaches are becoming more prevalent and serious each week in 2023, but this week was a bad one for the MOVEit file transfer service, as well as medical organizations and schools and school districts. Anyone utilizing MOVEit should immediately patch the service for their protection, but we're going to go into specifics about that breach, as well as breaches impacting the Pearland, Texas school district, Intellihartx, the MN Department of Education, and the Utah Medicaid system.
Rewind a couple of years and enterprises were heavily focused on acquiring new tech to drive forward their digitization plans. Then, when the pandemic struck, organizations were forced to fix any technology gaps in their environment and digitize services to hastily plug these gaps.
